401未授权选项请求在春季/ oauth / token

时间:2017-05-22 14:07:32

标签: java angularjs spring spring-mvc oauth

我正在使用spring boot来进行rest api和登录身份验证使用spring security oauth2.it在我向localhost发送请求时工作正常:8080 / oauth / token来自与spring boot集成的角度客户端。在同一个localhost:8080)。 但是,如果我想从运行在localhost(xampp)上的客户端登录,那么它会给出错误

enter image description here

已更新:我还在application.java文件中提供了此代码

@SpringBootApplication
public class Application {
private static final String[] REQUEST_METHOD_SUPPORTED = { "GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD" };

public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
}
@Bean
CommandLineRunner init() {
    return (args) -> {
        FileSystemUtils.deleteRecursively(new File(FileUploadController.ROOT));

        Files.createDirectory(Paths.get(FileUploadController.ROOT));
    };
}
@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
            .allowedOrigins("localhost:80")
            .allowedMethods("POST", "GET", "PUT", "DELETE")
            .allowedHeaders("header1", "header2", "header3")
            .exposedHeaders("header1", "header2");

        }
    };
 }


}

OAuth2ServerConfiguration.java 

@Configuration
@EnableWebSecurity
public class OAuth2ServerConfiguration {

private static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends
        ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        // @formatter:off
        resources
            .resourceId(RESOURCE_ID);
        // @formatter:on
    }
    @Order(-1)
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http

            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS).permitAll()

        // @formatter:on
    }

}

@Configuration
@EnableAuthorizationServer
protected static class AuthorizationServerConfiguration extends
        AuthorizationServerConfigurerAdapter {

    private TokenStore tokenStore = new InMemoryTokenStore();

    @Autowired
    @Qualifier("authenticationManagerBean")
    private AuthenticationManager authenticationManager;

    @Autowired
    private CustomUserDetailsService userDetailsService;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints)
            throws Exception {
        // @formatter:off
        endpoints
            .tokenStore(this.tokenStore)
            .authenticationManager(this.authenticationManager)
            .userDetailsService(userDetailsService);                            

        // @formatter:on
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // @formatter:off
        clients
            .inMemory()
                .withClient("clientapp")
                    .authorizedGrantTypes("password", "refresh_token")
                    .authorities("USER")
                    .scopes("read", "write")
                    .resourceIds(RESOURCE_ID)
                    .secret("LMS");
        // @formatter:on
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setTokenStore(this.tokenStore);
        return tokenServices;
    }

}

}

我已经检查并尝试了很多解决方案,但无法弄清楚。任何帮助请!!!!

3 个答案:

答案 0 :(得分:2)

自动发送选项请求以确保服务器处于活动状态,因此如果您使用“WebSecurityConfgurerAdapter”,则需要在安全配置中允许选项方法

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {

         httpSecurity.// your autherization configuration
          .antMatchers(HttpMethod.OPTIONS).permitAll()


 }

答案 1 :(得分:0)

看起来您在请求时传递了一些客户标题,您可以看到有关CORS的基本概念here 

@Configuration
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
            .allowedOrigins("*")
            .allowedMethods("POST", "GET", "PUT", "DELETE")
            .allowedHeaders("header1", "header2", "header3")
            .exposedHeaders("header1", "header2");
        }
}

或者您只需配置

config.addAllowedHeader("*");
config.addAllowedMethod("*");

请根据此覆盖您的addCorsMappings,并在此方法中添加更新标题,如果您要传递任何标题。

答案 2 :(得分:0)

在使用 oidc-client 用 vuejs 实现 spring-security oauth2 时遇到了类似的问题。所以我发现必须通过 oidc-client 库不支持的基本身份验证将客户端应用程序发送到服务器。解决方法是允许客户端进行表单身份验证,如下所示:

@Configuration
@EnableAuthorizationServer
public class AuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
  @Override
  public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
    oauthServer.allowFormAuthenticationForClients();
  }
}
相关问题
最新问题